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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S)_FROM 
THE MAILING DATE OF THIS COMMUNICATION. " 



- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 



3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) K Claim(s) 7-30 is/are pending in the application. 

4a) Of the above claim(s) 25-30 is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 13 Claim(s) 1-24 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) [3 Claim(s) 25-30 are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: 3)0 accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action orfomri PTO-152. 

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or(0- 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Status 



1)S Responsive to communication(s) filed on 23 June 2004 . 
2a)\3 This action is FINAL. 2b)K This action is non-final. 



Attachment(s) 

1) (El Notice of References Cited (PTO-892) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 



4) n Inten/iew Summary (PTO-41 3) 



5) □ Notice of Informal Patent Application (PTO-1 52) 

6) □ Other: . 
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Paper No(s)/Mail Date 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1-04) 
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DETAILED ACTION 

1 . Claims 1-30 are presented for examination. 



2. Newly submitted claims 25-30 directed to an invention that is independent or 
distinct from the invention originally claimed for the following reasons: The newly added 
claims contain new issues such as maintaining a first Hst of users and a second Ust of 
operations and accessing both lists classified in database. These newly added claims 
regarding an invention distinct fi-om the original presented claims raise new issue and 
require a different class search since such issues are classes in a different class. 

Since applicant has received an action on the merits for the originally presented 
invention, this invention has been constructively elected by original presentation for 
prosecution on the merits. Accordingly, claims 25-30 are withdrawn from consideration 
as being directed to a non-elected invention. See 37 CFR 1 . 142(b) and MPEP § 821 .03, 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claim 21 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

a. The following terms renders the claims indefinite: 
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i. change in the state occupied by the working copy of the document 
in the workflow (the claim language shows ambiguity regarding 
the state occupied by the working copy of the document), 
b. The following terms lock proper antecedence basis: 

i. Claim 21, "the state". 

Claim Rejections - 35 USC §103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

6. Claims 1-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Haverstock et al (Haverstock), US 2002/0038357, in view of Serbinis et al (Serbinis), US 
6,314,425. 

7. Haverstock was cited in the last office action. 



8. As per claims 1 and 12, Haverstock taught the invention substantially as claimed 
including a computer-implemented method for controlling access to documents during a 
workflow (pp. 0009, 0012, 0027), comprising: 
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a. upon entry of a base document into a workflow (document, pp. 0027- 
0028); 

b. selectively providing a user access to the base document (document, pp. 
0027-0028) depending upon the identity of a user (role-based security with 
different level of access privilege to the document, pp. 0046, 0057, 0060, 
0062-0071); 

c. selectively providing access to perform operations on the base document 
depending upon the identity of a user (role-based security with different 
level of access privilege to the document, pp. 0057, 0059-0060, 0066- 
0071). 

9. Haverstock further taught that access privilege is different for different user 
identities (pp. 0060, 0065-0071) and to provide accesses to perform operations on the 
accessed document of such user identity (pp. 0065-0071). Haverstock did not 
specifically teach to create a working copy of the base document, selectively provide a 
user access to the working copy of the base document and selectively providing access to 
perform operations on the working copy of the base document depending upon the 
identity of a user. Serbinis taught to make a copy of the base document and to enable 
user access to the working copy of the base document depending on the user 
authorization (col, 11, lines 7-16). It would have been obvious to one of ordinary skill in 
the art at the time the invention was made to combine the teachings of Haverstock and 
Serbinis because Serbinis' s teaching of making a copy of the base document and 
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accessing the copy of base document enables Haverstock's system to leave the base 
document available for access by other authorized users (Serbinis, col. 1 1, lines 7-16). 

10. As per claim 2, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 1 , Haverstock further taught the method to further comprising: 

a. storing access control Hst data in relation to the base document, the access 
control list data defining access controls on performing operations of the 
working copy of the base document (pp. 0063, 0065-0071); and 

b. storing security descriptor data in relation to the base document and the 
working copy of the base document, the security descriptor data defining 
access controls on reading the base document and the working copy of the 
base document (pp. 0063, 0065-0066, 0069). 



11. As per claims 3-4, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 2. Haverstock further taught that wherein the step of selectively 
providing access to perform operations on the working copy of the base document 
depending upon the identity of a user (pp. 0065-0066), comprises: 

a. determining using the access control list data stored in relation to the base 
document that a user has/does not have permission to perform an 
operation on the copy of the base document (pp. 0057, 0063, 0065-0066, 
0070-0071); and 

b. allowing/denying the user to perform the operation on the copy of the base 
document (pp. 0057, 0066-0067). 
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12. As per claims 5-6, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 2. Haverstock further taught wherein the access control Hst data 
comprises information identifying for each of a plurality of operations, the set of users 
that have permission to perform the operation, and said act of selectively providing 
access to perform operations on the working copy of the base document depending upon 
the identity of a user (pp. 0060-0071), comprises: 

a. referencing the information identifying for each of a plurality of 
operations, the set of users that have permission to perform the operation 
(pp. 0062-0063, 0067-0071); and 

b. if the user is/is not in the set of users that have permission to perform the 
operation, providing/denying access to the operation (pp. 0057). 



13. As per claim 7, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 5. Haverstock further taught that wherein the set of users are defined in 
terms of the roles that have permission to perform the operation (pp. 0057-0058, 0060, 
0065-0066), and said act of referencing the information identifying for each of a plurality 
of operations, the set of users that have permission to perform the operation (pp. 0065- 
0071), comprises: 

a. resolving for the user the set of roles to which the user has been assigned 
(pp. 0057-0058); and 

b. determining using the set of roles to which the user has been assigned and 
the set of users defined in terms of the roles that have permission to 



Application/Control Number: 09/607, 170 Page 7 

Art Unit: 2154 

perform the operation, whether the user has permission to perform the 
requested operation (pp. 0065-0071). 

14. As per claims 8-9, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 2 including the step of selectively providing a user access to the 
working copy of the base document depending upon the identity of a user (pp. 0065- 
0066, see claims 1-2 rejection), Haverstock further taught the step to comprise: 

a. determining using the security descriptor data stored in relation to the base 
document and the working copy document, that a user has/does not have 
permission to read the working copy of the base document (pp. 0057, 
0063, 0065-0066, 0070-0071); and 

b. providing/denying the user access to the working copy of the base 
document (pp. 0057). 



15. As per claim 10, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 2. Haverstock further taught wherein the security descriptor data 
comprises information identifying the set of users that have permission to read each of 
the base document and the working copy of the base document (pp. 0057, 0060, 0065- 
0066), and said act of selectively providing access to the working copy of the base 
documents depending on the identity of the user (pp. 0065-0071), comprises: 

a. referencing the information identifying the set of users that have 

permission to read each of the base document and the working copy of the 

base document (pp. 0069-0071); and 
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b. if the user is in the set of users that have permission to read the working 
copy of the base document, providing access to the working copy of the 
base document (pp. 0057, 0069). 



16. As per claim 1 1, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 10. Haverstock further taught wherein the set of users are defined in 
terms of the roles that have permission to read each of the base document and the 
working copy of the base document, and said act of referencing the information 
identifying the set of users that have permission to read each of the base document and 
the working copy of the base document (pp. 0065-0071), comprises: 

a. resolving for the user the set of roles to which the user has been assigned 
(pp. 0057); and 

b. determining using the set of roles to which the user has been assigned and 
the set of roles that have permission to read each of the base document and 
the working copy of the base document, whether the user has permission 
to read the base document or the working copy of the base document (pp. 
0063, 0065-0071). 



17. As per claim 13, Haverstock taught the invention substantially as claimed 
including a system for providing document isolation in a workflow environment (pp. 
0009, 0012, 0027-0028), comprising: 

a. a processor, wherein said processor is operable to execute instructions for 
performing the following acts (pp. 001 1): 
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i. maintaining for a base document undergoing a publishing 
workflow (0027-0028), the base document (pp. 0018, replication, 
pp.'0025); 

ii. maintaining access control data in relation to the base document 
(pp. 0063, 0065-0066); 

iii. upon receipt of a request to access the base document (pp. 0027- 
0028), selectively determining based on the access control data to 
provide access to the base document (role-based security with 
different level of access privilege to the document, pp. 0057, 0065- 
0071). 



18. Haver stock further taught to maintain access control data in relation to the 
documents (pp. 0063, 0065-0066). Haverstock did not specifically teach to maintain a 
copy of the base document and to selectively determine based on the access control data, 
to provide access to the copy of the base document. Serbinis taught to make a copy of 
the base document and to grant user access to the working copy of the base document 
depending on the user authorization (col. 1 1, lines 7-16). It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to combine the 
teachings of Haverstock and Serbinis because Serbinis' s teaching of making a copy of the 
base document and accessing the copy of base document enables Haverstock' s system to 
leave the base document available for access by other authorized users (Serbinis, col.l 1, 
lines 7-16). 
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19, As per claim 14, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 13. Haverstock further taught wherein the access control data comprises 
security descriptor data identifying the set of users that have permission to read the base 
document and the copy of the base document (pp. 0057-0058, 0062-0063, 0065-0071). 



20. As per claim 15, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 14. Haverstock further taught wherein said processor is operable to 
execute instructions for performing the following acts: 

a. referencing the security descriptor data (pp. 0067-0071); and 

b. determining that a user should be directed to the copy of the base 
document based on the security descriptor data (pp. 0057, 0060, 0066- 
0071). 

21, As per claim 16, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 15. Haverstock further taught wherein the security descriptor data 
identifies a set of roles corresponding to the set of users that have permission to read the 
base document and the copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that 
a user has been assigned (pp. 0057, 0060, 0065-0071), 



22, As per claim 17, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 13. Haverstock further taught wherein the access control data comprises 
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access control list data identifying the set of users that have permission to perform 
operations on the copy of the base document (pp. 0057, 0065-0071). 

23. As per claim 18, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 17. Haverstock further taught wherein said processor is operable to 
execute instructions for performing the following acts: 

a. referencing the access control list data (pp. 0067-0071),; and 

b. determining that a user should be allowed to perform an operation on the 
copy of the base document based on the access control list data (pp. 0057, 
0060, 0066-0071). 

24. As per claim 19, Haverstock and Serbinis taught the invention substantially as 
claimed in claim 18. Haverstock fiirther taught wherein the access control Ust data 
identifies a set of roles corresponding to the set of users that have permission to perform 
operations on the copy of the base document, and wherein said processor is operable to 
execute instructions for performing the further act of determining the set of roles that a 
user has been assigned (pp. 0057, 0060, 0065-0071). 

25. Claims 20 and 22-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Haverstock, US 2002/0038357, in view of Serbinis, US 6,314,425, and Sudama et al 
(Sudama), US 5,555,375. 
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Haverstock and Sudama were cited in the last office action. 
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27. As per claim 20, Haverstock taught the invention substantially as claimed 
including a method for controlling access to operations that may be performed on a 
document (pp. 0057, 0060, 0065-0071), comprising: 

a. Workflow processes (pp. 0027-0028) 

b. Receiving a request to create a new operation that may be performed on 
the documents (role-based security with different level of access privilege 
to the document, pp. 0057, 0060, access privilege changed, 0065-0071); 

c. Updating the access control hst to include entries (pp. 0060-0066). 

28. Haverstock further taught to update access controls to reflect the addition of a 
new operation (pp. 0060, access privilege changed) that may be performed on documents 
(role-based security with different level of access privilege to the document, pp. 0057, 
0060, 0065-0071). 

29. Haverstock did not specifically teach the method to comprise: creating a copy of 
the base document, assigning a unique identifier to the new operation; updating the 
access control list to include an entry for the unique identifier for the new operation nor 
to include an entry identifying the roles that have access to the new operation . Serbinis 
taught to make a copy of the base document and to grant user access to the working copy 
of the base document depending on the user authorization upon creation of a workflow 
(col. 1 1, lines 7-16). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to combine the teachings of Haverstock and Serbinis 
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because Serbinis's teaching of making a copy of the base document and accessing the 
copy of base document enables Haverstock's system to leave the base document available 
for access by other authorized users (Serbinis, col.l 1, lines 7-16). 



30. Haverstock and Serbinis did not specifically teach the method to comprise: 
assigning a unique identifier to the new operation; updating the access control list to 
include an entry for the unique identifier for the new operation nor to include an entry 
identifying the roles that have access to the new operation . Sudama taught to assign 
unique identifier to operations (col. 5, lines 33-37, col. 8, lines 55-57) for management 
purpose. It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the teachings of Haverstock, Serbinis and Sudama 
because Sudama' s teaching of assigning unique identifiers to operations to provide 
management benefits enables Haverstock and Serbinis' method to manage and keep track 
of the types of operations performed on the documents using the identifiers. It would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
also provide unique identification to new operations in Haverstock, Serbinis and 
Sudama' s system in order to manage the new operations performed on the documents. 



31. Haverstock, Serbinis and Sudama did not specifically teach the method to 
comprise updating the access control list to include an entry for the unique identifier for 
the new operation or to include an entry identifying the roles that have access to the new 
operation . However, in order to add the new operation and enable the roles to have 
access to the new operation, the access control list must be updated so the authentication 
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to the existing users is valid with the new operation since the access control list is in 
correspondence with the operations and user roles. It is an essential step to include 
entries of such new operations and roles with authorities to such new operations to be 
entered into the control access list, whether the step is done manually or automatically, 
that cannot be skipped. It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to recognize that once a new operation is introduce in 
Haverstock, Serbinis and Sudama's method, the access control list must be edited to 
provide up to date authentication to provide existing users, that have the privilege, to 
execute the new operation. 



32. As per claim 22, Haverstock, Serbinis and Sudama taught the invention 
substantially as claimed in claim 20. Haverstock further taught wherein the workflow is 
a pubhshing workflow and the new operation is at least one of the following: review and 
approve (pp. 0027-0028). 



33. As per claim 23, Haverstock, Serbinis and Sudama taught the invention 
substantially as claimed in claim 20. Haverstock further comprising: 

a. Receiving a request to perform the new operation on the copy of the base 
document (role-based security with different level of access privilege to 
the document, pp. 0057, 0060, 0065-0071); 

b. Determining using the access control list whether to allow access to the 
new operation (pp. 0057-0058, 0062-0063). 
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34. As per claim 24, Haverstock, Serbinis and Sudama taught the invention 
substantially as claimed in claim 23. Haverstock further taught wherein determining 
using the access control Ust whether to allow access to the new operation comprises 
comparing a user's roles with the roles identified in the access control list as having 
access to the new operation (pp. 0057-0058, 0062-0063). 

35. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Haverstock, Serbinis and Sudama as apphed to claim 20 above, and further in view of 
Barkley, US 6,088,679. 

36. Barkley was cited in the last office action. 

37. As per claim 21, Haverstock, Serbinis and Sudama taught the invention 
substantially as claimed in claim 20. Haverstock, Serbinis and Sudama did not 
specifically teach to update the access control list to change roles that have access to the 
new operation in response to a change in the state occupied by the working copy of the 
document in the workflow. Barkley taught o update the access control list to change 
roles that have access to the new operation in response to a change in the state occupied 
by the working copy of the document in the workflow (col. 6, lines 23-27, 34-39, 42-65). 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to combine the teachings of Haverstock, Serbinis, Sudama and Barkley 
because Barkley' s teaching of changing roles in response to a change in the state of the 
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workflow help Haverstock, Serbinis and Sudama's system to create unique role for each 
activity in the workflow (coL6, lines 44-47, 64-65). 

Response to Arguments 

38. Applicant's arguments with respect to claims 1-20 have been considered but are 
moot in view of the new ground(s) of rejection. 

Conclusion 

39. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Brown etal, US 6,067,551. 
Nochur et al, US 5,835,758. 
Antognini et al, US 5,649,185. 

40. A shortened statutory period for reply to this Office action is set to expire THREE 
MONTHS from the mailing date of this action. 

41 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kenny Lin whose telephone number is (703)305-0438. 
The examiner can normally be reached on 8 AM to 5 PM Tuesday to Friday and every 
other Monday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Follansbee can be reached on (703)305-8498. Additionally, the fax 
numbers for Group 2100 are as follows: 



Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703)305- 
6121. 
ksl 

July 29, 2004 



Official Responses: 



(703) 872-9306 




